Most Australian organisations have delayed their digital transformation projects because of cybersecurity concerns, according to research from Microsoft released today, which estimated the potential economic impact of cybersecurity in Australia to be $29 billion per year.
The study was based on responses from 1300 business and IT executives across APAC including 100 from the Australian market. 71 per cent of respondents were from large organisations with more than 500 staff with the remaining 29 per cent from mid-sized organisations (250-499 staff).
- LEARN: Dive deeply with us into machine learning, blockchain, IOT and big data. Register your interest now for The Intelligent Enterprise: Real World Transformation, two upcoming panel events and with roundtable discussions afterward in Sydney on July 31, 2018, and Melbourne on August 2, 2018. Which-50 is partnering with SAP on the events.
The reluctance to digitally transform because of cyber is the most surprising finding from the study, according to Tom Daemen, director of corporate, legal and external affairs, Microsoft. He argues the fear that digital transformation will create a greater security threat is also misplaced.
“Quite a few organisations in Australia are delaying digital transformation for fears of cyber. And I think that’s exactly backwards,” Daemen told Which-50.
“The more digital you are, the more digitally transformed you are, the more modern you are, most certainly you will be more digitally resilient and cyber resilient.”
The inverse is also true, Daemen says, where organisations relying on an “old school” approach to digital are actually much more vulnerable to cybersecurity attacks. The research also suggests that for most organisations who do undertake a digital transformation cybersecurity is an afterthought.
Nine out of ten organisations undertaking a transformation do not consider cybersecurity until the transformation project has begun, according to the research, meaning just 10 per cent are considering cybersecurity before a project starts.
The findings come from the Microsoft commissioned study, Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, which was conducted by Frost and Sullivan, a global research and consulting firm.
According to the research, 55 per cent of Australian organisations have experienced cyber security incidents. A further 20 per cent may also have been affected by cyber attacks but have failed to check.
That failure is usually not a resource problem, Daemen said. Rather it is a case of cybersecurity falling not being a high priority, a consequence of an antiquated view of data, according to Daemen.
“Before you’re going to prioritise [cybersecurity], before you’re going to think about if you should do that, you really need to have senior leadership in the company that recognises that data is a strategic asset. It needs to be protected, it needs to be assessed and evaluated properly.
“We still see a lot of organisations that haven’t take that step to view data as a strategic asset and therefore they haven’t allocated the resources on this when it comes to cyber.”
A multibillion dollar problem
The direct costs associated with cybersecurity is $29 billion per year — almost 2 per cent of Australia’s GDP — according to the research. Direct costs refer to tangible losses in revenue, decreased profitability and fines, lawsuits and remediation.
The $29 billion figure is an estimate because organisations are hesitant to reveal the exact impact of cybersecurity attacks, according to Daemen.
“The overarching challenge… is trying to extract the information from organisations who are, not surprisingly, less than inclined to reveal the scope and magnitude of the challenges they are facing in the past and the future,” he said.
However, he maintains the methodology of the study is diverse and sufficient to “paint a pretty consistent picture”.
“You do have to make some predictions and guesses here and there. [But] when you get a lot of commonality here and there in the response it gives you a little more confidence that you’re in the right ballpark.”
“We can quibble whether it’s going to be $29 billion or $28 billion, it’s going to be a big number. And that’s really the key takeaway for everybody right now,” Daemen said.
He said the cost of cybersecurity in Australia is rising, as it is globally, but could not say if Australia had a unique cybersecurity problem.
“This is clearly a global phenomenon and everybody is struggling with these same challenges around the world. Yes it’s increasing but no I wouldn’t say there’s something uniquely bad in Australia that is causing it.”